VPN can be useful, but frankly for most people they really don't enhance security much. (That's different from using corporate VPNs, which are usually necessary to access stuff at w*rk).
If you have an iPhone/iPad almost all your apps will be using encrypted network communication (App Transport Security using TLS). There are a few exceptions, but developers have to justify the use of insecure networking to Apple.
In any web browser on any platform you should be avoiding sites that aren't using https (most browsers show a lock icon on these sites). There's very little excuse for sites not to be using HTTPS since the secure certificates are free (see
Let's Encrypt) and easy to use. Heck, I added HTTPS support to my HOA's little website. About 50% of the sites I regularly visit use HTTPS now and the percentage is growing. Every financial site I visit uses it. I hope there aren't any left that don't.
If you want a good in-depth, but not overly technical discussion of VPNs and some recommendations for providers I'd recommend
The Wirecutter
I personally don't use a VPN, and also avoid most public WiFi since LTE on my phone is generally faster and more reliable anyway.
Does anyone know why
http://www.early-retirement.org hasn't moved to HTTPS yet?